[strongSwan] KEY_ID encoding

Tobias Brunner tobias at strongswan.org
Mon Sep 14 10:56:07 CEST 2020


Hi Volodymyr,

> do not work - StrongSwan do not consider this connection when choosing
> between few.

Increase the log level for cfg to 3 [1] to see details about the matched
identities and read or send the log.

> What is the right way to describe id for PSK connection where remote
> part uses key-id type, e.g. on Cisco it is "crypto isakmp identity
> key-id aa"?

Don't know what Cisco will send if you do that, so no idea.  You'll see
that in the log.

> And which id need to be used in 'secrets' section to achieve the result?
> Should it be

It must match the identity value and type you configure in the remote
section.

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration


More information about the Users mailing list